For over a year folks have been reading the tea leaves of
Transmeta patent filings
[1] to divine what the secretive company is in
business for. Why do we care? Mostly because Microsoft co-founder
Paul Allen is an investor and Linus Torvalds, father
of Linux, works there
[2]. Transmeta's new patent
[3] reveals, to
those who troll these deep waters, that the company is developing a
processor capable of running the Intel instruction set (no surprise
so far) while skating around Intel's own technology patents. This
CNet story
[4] notes that Torvalds has hinted that Transmeta might
debut its products at the Comdex trade show in November
[5]. And a
TBTF informant who must remain nameless (heck, I don't know who s/he
is) claims that Microsoft's Windows 2000 kernel / driver team possesses
detailed knowledge of Transmeta's strategy and operates under a
non-disclosure agreement with the company. Who knows, in a few years we
may speak of the Winsmeta duopoly.

An interlocking set of agreements removes some roadblocks stalling domain-name reform

The three parties have been wrangling over contractual terms for the
last year. Last week they announced a complex series of agreements
that resolve all of the issues outstanding among them, including
funding for ICANN's continuing operations. The best summary I've
found of the interlocking agreements is this fact sheet
[6] on
Commerce's site. The agreements could come into effect as early as
November, after ICANN takes public comment and ratifies them.

Highlights:

NSI assents to ICANN's authority and agrees to sign a modified
Registrar Agreement.

Commerce takes over operation of the InterNIC.

The fee NSI charges to competitive registrars drops from $9
to $6.

NSI agrees in principle to a per-name fee to fund ICANN's
operations, provided that NSI does not owe more than $2M
under such a program. NSI hands over $1.5M to ICANN
immediately.

NSI continues to run the authoritative root server for at
least four years. Even after its eventual transfer to ICANN,
Commerce continues to assert policy authority to direct this
server. (I wonder what the EU thinks of this provision.)

NSI must totally separate its registry and registrar
functions. If it accomplishes this within 18 months then it can
hold onto the root server for an additional four years.

NSI effectively gives up the claim that it owns the
intellectual property represented by the .com/.org/.net database.

With the contract fight behind them, ICANN moved forward with their
proposal for a uniform policy for resolving disputes over domain
names
[7],
[8]. Its main goals are to render domain-name hoarding
profitless and to remove most disputes from the courts in favor of
binding arbitration. ICANN will take public comments
[8] on the
proposal until 13 October.

At the recent conference
[9] "Governing the Commons: The Future of
Global Internet Administration," many participants were critical of
ICANN's attempts to establish Internet policy, according to this
account
[10] written by Ted Byfield <tbyfield at panix dot com> for
the German magazine Telepolis. Byfield notes that ICANN has blown
past the already controversial proposals of the IAHC-gTLD-MoU-CORE
group
[11],
[12], which wanted to
establish equitable dispute
resolution mechanisms. ICANN proposes a much stronger uniform dispute
resolution policy, drawing even more fire.

On 16 September the administration announced changes in the US
cryptography export regime. Like numerous other changes in the past,
this one was presented as a relaxation of the rules that will
benefit consumers. It's far from clear that this is the case.

Once the new rules go into effect in December, after a one-time
review any retail product featuring encryption of any strength will
be exportable to individuals and companies -- but not to
governments -- in all but 7 countries worldwide. This relaxation is tied
to funding for a new FBI research lab and to a disturbing loosening
of the rules of evidence in court cases that involve encryption.

The Electronic Privacy Information Center links the White House
announcement, commentary, and analysis from this page
[13]. EPIC
remains agnostic on the proposals. General counsel David Sobel said,
"It appears that the FBI and large computer companies have reached
an agreement on encryption, but that is not necessarily in the
interest of the average computer user."

The legislative vehicle for these new initiatives is the selfsame
Cyberspace Electronic Security Act that, in an earlier draft, would
have allowed secret police break-ins to alter computer equipment
[14].
That provision is gone now; it was probably a trial balloon
anyway.

A week after the latest proposals were announced, EPIC's Mark
Rotenberg found himself sharing a conference panel with William Reinsch,
the administration official tasked with carrying out US crypto
export policy. Rotenberg later described his address to the politech
mailing list:

I opened by quoting Senator Aiken's line regarding Vietnam
that the US should "declare victory and then get out." I
suggested that with the crypto issue, the Administration
has decided to "declare defeat, but stay in."

Irish mathematician Robert Harley announced
[15] that his team has
cracked the seventh and most difficult Certicom ECC Challenge
problem to date. Certicom has confirmed the correct result
[16]. So far
seven Certicomm exercises and challenges have been cracked since
December 1997; Harley's growing team has broken each one of them.
The solution required 16,000 MIPS-years -- twice the effort of the
recently broken, 512-bit RSA-155
[17]. The team struck it lucky,
finding the solution in less than a third of the expected time.
The distributed computation was run by 195 volunteers, on a total
of 740 computers, over 40 days.

While this result strengthens the case of those who contend
on theoretical grounds that a crypto key based on ECDL (Elliptic
Curve Discrete Logarithms) is inherently harder to break than an
RSA key, it does not prove that assertion. Rather, it indicates
that at the current state of the art, the best mathematical tools
and algorithms known for cracking ECDL take longer to run than the
best tools known for cracking RSA.

On 12 September I posted as a Tasty Bit of the Day Harley's call for
more machines to throw at the problem; others, including TechDirt,
publicized it as well. This graph
[18], adapted from Harley's site,
rather dramatically shows the effect of the call for participants.

This story in
The Times (UK)
[19]
claims that a European Institute
of Quantum Computing Network has been hastily formed to develop
commercial banking codes based on quantum entanglement. The
newspaper claims:

The institute was founded a few weeks after news leaked from
the Israel's Weizmann Institute that it was using a mixture
of quantum computing and special optical technology to break
the RSA-512 code, the system used by the European banking
system. It claims it has developed a hand-held device that
can break the code in 12 microseconds.

The "special optical technology" sure sounds like Shamir's TWINKLE
[20]. An opto-electronic sieving device, which as far as I know has
never been constructed, is exactly what you'd want if your goal was
to accelerate a brute-force attack on RSA-512. But 12 microseconds?
It seems unlikely in the extreme. Its inventor estimates that TWINKLE
would speed up sieving by a factor of 1000 -- that is, for RSA-512,
this step would take hours instead of months. And quantum computers
are generally thought to be years from practical realization, if not
decades. Here's the succinct dismissal of crypto expert Peter
Gutmann <pgut001 at cs dot auckland dot ac dot nz>, writing on the
EUcrypto mailing list:

I would say the quantum crypto aspect is at least as accurate
as the confused gobbledigook in the rest of the article, which
looks like it was cobbled together from pieces of reports on
TWINKLE, the factoring of RSA-512 in August, and a sales pitch
for some crowd in Europe. I assume the latter was the driving
force behind the story.

New free service should prove a boon to list managers, members, and those in need of ad hoc groupware

Last week Internicity, Inc. released Take It Offline[21]. TBTF is
proud to offer you this exclusive first look. (Full disclosure:
Steve Yost, Internicity's principal, is a TBTF Irregular
[22] and a
friend of mine. I offered him ideas and advice from the earliest
days of Take It Offline, and the TBTF Irregulars supplied beta
feedback. I don't have any financial interest in Internicity.)

TIO provides a convenient, lightweight venue for ad-hoc, online
group discussions. Did someone on your mailing list just raise an
off-topic but intriguing idea? In less than a minute you can create
a private TIO discussion space and post its URL to your list. Then
anyone interested in following the diversionary thread can
participate at Take It Offline. The mailing list stays focused. Once
the TIO discussion winds down, the thread stays live, so you get
no 404s from a mailing list's Web archive or from search spiders.

TIO can be useful in the absence of a mailing list. Say you need
to coordinate a seminar schedule involving 10 people. You can
create a TIO space and mail its URL to the 10 individuals, then work
out the details in Take It Offline. Those who wish to can get
email each time a note is added to the discussion; a daily digest
is also available.

The site is lean and speedy, light on graphics, clean and
attractive. The privacy policy is featured prominently and it is
aggressively visitor-friendly. Posters to TIO can use any name they like;
no registration or passwords are required. An email address is
needed only to start a thread. Cookies are used only for visitor
convenience; the site works fine if you refuse them.

In deference to the recent Jargon Scout entry
[23], Internicity has
also registered the name Takeitofflist.com.

Take It Offline can provide a free forum for mailing lists, such as
this one, that don't offer threaded discussions. Let's try it now.
Visit this TIO space
[24] if you want to explore TIO's implications
for the dynamics of mailing lists or the workings of hypertexts.
I'll be following this thread closely and posting to it from time
to time.

Researchers at the University of Southern California announced
[25] a
neural network system, curiously unnamed, that they claim performs
better than humans at recognizing words under noisy conditions. In
the tests described, the USC system was pitted against human
subjects in the task of picking out individual words amid varying
amounts of white noise or conversational babble. The system
performed as well or better than the human subjects across the board;
the noisier the conditions the greater its advantage
[26].

The researchers say that this performance, far beyond that of
conventional voice-recognition systems, stems from the unique
neuron-mimicking chips they have developed. Like neurons, the chips signal
by varying their rate of output. Previous neural circuits kept
their output clocked, ignoring this timing aspect of the way
biological neurons operate.

It's unclear how well such a system would scale. The reported
experiments used only four separate words, on which the USC system had
been trained. Adding more words might dilute its accuracy; such has
been the experience of other neural networks. But USC obtained their
results with a circuit of only 33 neuromime chips, versus the
hundreds or thousands of (software or hardware) simulated neurons used
in other research.

I can't judge the significance of this announcement; I've seen some
skepticism directed towards it but no substantial arguments. Perhaps
the researchers are onto something truly important with their
unclocked neuromimes.

Everyone writes about Amazon.com. That's because almost anything
they do ends up looking like a leading indicator for where Internet
commerce is headed next. Amazon's latest move is a stunner, but the
jury is definitely out on whether or not it's a good idea. Amazon
has introduced zShops[27],
[28], a way for a small business or an
individual to offer anything for sale to Amazon's millions of daily
visitors, using Amazon's fabled One Click Ordering. On the one hand,
Amazon continues to do what they've always done best: leave the
competition at the last turn scratching their heads. On the other hand,
Amazon looks set to squander its hard-won brand name by representing
hundreds of thousands of items and merchants that don't measure up
to its quality standards.

Jochen Schwarze <jochen dot schwarze at orthogon dot de> was the
first to send word of the formal launch of the Google search site
[29].
The company introduces a feature called GoogleScout, which
seems to be a form of "more like this link." TBTF profiled Google
on 1998-05-11
[30] --
the first press coverage for the site in
English, before its founders had left Stanford.

The article "The partial eclipse at the Duomo" in the previous issue
[31] prompted these
notable eclipse pointers.

Mark Dionne <mdionne at mediaone dot net> directs our attention
to this stunning photograph
[32], taken from the Mir space station,
of the August 11 total eclipse on the face of Europe. (Two weeks
later the last Mir crew turned out the lights and pulled the plug
[33].)

Peter Kaiser <kaiser at acm dot org> kindly gave permission to
post on the TBTF archive his account
[34] of travelling to view
the eclipse. It's not what you might be expecting. Kaiser gives
step-by-step instructions for recreating his eclipse experience
in New York City. On the west side. On Riverside Drive. Oh, just
go read it
[34].

Think Open Source guarantees you can know what a program does? Think again

This classic paper
[35] by Ken Thompson, co-inventor of Unix, is
disquieting in the extreme. It is Thompson's 1984 acceptance speech for
the ACM's Turing Award. Understanding it requires some grasp of the
mechanics of programming. That said, those who read and grok
Reflections on Trusting Trust will emerge considerably more paranoid
than they went in. The effect is likely to be permanent.

The moral is obvious. You can't trust code that you did not
totally create yourself. (Especially code from companies that
employ people like me.) No amount of source-level verification
or scrutiny will protect you from using untrusted code... As
the level of program gets lower, these [Trojans] will be
harder and harder to detect. A well installed microcode bug will
be almost impossible to detect.

I'm interested in what non-programmers are able to make of
Thompson's revelations; let's take it offline
[36]. Other insights on
this paper are welcome too.

Easter eggs, as usually defined, are the amusing personal messages
that programmers leave buried in commercial software
[37]. The Web
is broadening the possibilities to which an Easter egg can aspire.
The first search-engine egg I've encountered is built into Google's
priority rules. Whose home page do you suppose tops Google's reply
when you enter more evil than satan himself[38]? This offbeat
discovery has been circulating on various mailing lists in recent
days and was picked up by the Memepool
[39] blog
[40]. If you've
seen any other search eggs, or noted other directions in which
Easter eggs are expanding, let's take it offlist here
[41].

Ugh. I hate the terms "blog" and "weblog" in general.
Especially since those are usually the clicktrails of a single
person, and memepool is the combined efforts of ~70 people.
But thanks for the link :)

Note added 1999-10-06:
Posters to the TIO
discussion area, led by TBTF Irregular Danny O'Brien, have pointed out that
Microsoft's home page comes up at the top of many Google searches. The
engine ranks pages based on others' links to them, and many people link
to Microsoft. Some fraction of these links happen to be attached to text
containing the words "evil" and/or "satan."

O f f l i s t D i s c u s s i o n s

These are the forums I've set up at Take It Offline for those who want
to comment on and discuss this issue's articles. I'll be monitoring
and posting to these forums actively until at least 15 October.

N o t e s

Four days on a windjammer off the coast of Maine was the longest I've
been out of reach of IP tone since 1995; couldn't even raise a
cell-phone response. A few of you were kind enough to inquire about the
fate of a certain schooner in the winds of Hurricane Floyd. We
truncated the sail a half day early on Thursday morning, fleeing for
Camden harbor in rain and 40-mph following winds. Didn't see another
single darn fool out on the water all the way home. Nice day for a
sail though.